author | Anton Gerasimov <agerasimov@twilio.com> | 2019-09-18 16:48:44 +0200 |
---|---|---|
committer | Rich Trott <rtrott@gmail.com> | 2019-09-23 23:32:45 -0700 |
commit | 0c32ca96c878488c923022a8828bef541e0df9ae (patch) | |
tree | cc02885d1b3dcd79ba87162dfe771c7b88e265bb /test/parallel/test-tls-set-sigalgs.js | |
parent | e078e482c5ba41641d85bc3ba136148cc44b4d22 (diff) | |
tls: add option to override signature algorithms
Passes the list down to SSL_CTX_set1_sigalgs_list.
Option to get the list of shared signature algorithms
from a TLS socket added as well for testing.
Signed-off-by: Anton Gerasimov <agerasimov@twilio.com>
PR-URL: https://github.com/nodejs/node/pull/29598
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Diffstat (limited to 'test/parallel/test-tls-set-sigalgs.js')
-rw-r--r-- | test/parallel/test-tls-set-sigalgs.js | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/test/parallel/test-tls-set-sigalgs.js b/test/parallel/test-tls-set-sigalgs.js
new file mode 100644
index 0000000000..59dc2ca0c7
--- /dev/null
+++ b/test/parallel/test-tls-set-sigalgs.js
@@ -0,0 +1,74 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto) common.skip('missing crypto');
+const fixtures = require('../common/fixtures');
+
+// Test sigalgs: option for TLS.
+
+const {
+ assert, connect, keys
+} = require(fixtures.path('tls-connect'));
+
+function assert_arrays_equal(left, right) {
+ assert.strictEqual(left.length, right.length);
+ for (let i = 0; i < left.length; i++) {
+ assert.strictEqual(left[i], right[i]);
+ }
+}
+
+function test(csigalgs, ssigalgs, shared_sigalgs, cerr, serr) {
+ assert(shared_sigalgs || serr || cerr, 'test missing any expectations');
+ connect({
+ client: {
+ checkServerIdentity: (servername, cert) => { },
+ ca: `${keys.agent1.cert}\n${keys.agent6.ca}`,
+ cert: keys.agent2.cert,
+ key: keys.agent2.key,
+ sigalgs: csigalgs
+ },
+ server: {
+ cert: keys.agent6.cert,
+ key: keys.agent6.key,
+ ca: keys.agent2.ca,
+ context: {
+ requestCert: true,
+ rejectUnauthorized: true
+ },
+ sigalgs: ssigalgs
+ },
+ }, common.mustCall((err, pair, cleanup) => {
+ if (shared_sigalgs) {
+ assert.ifError(err);
+ assert.ifError(pair.server.err);
+ assert.ifError(pair.client.err);
+ assert(pair.server.conn);
+ assert(pair.client.conn);
+ assert_arrays_equal(pair.server.conn.getSharedSigalgs(), shared_sigalgs);
+ } else {
+ if (serr) {
+ assert(pair.server.err);
+ assert(pair.server.err.code, serr);
+ }
+
+ if (cerr) {
+ assert(pair.client.err);
+ assert(pair.client.err.code, cerr);
+ }
+ }
+
+ return cleanup();
+ }));
+}
+
+// Have shared sigalgs
+test('RSA-PSS+SHA384', 'RSA-PSS+SHA384', ['RSA-PSS+SHA384']);
+test('RSA-PSS+SHA256:RSA-PSS+SHA512:ECDSA+SHA256',
+ 'RSA-PSS+SHA256:ECDSA+SHA256',
+ ['RSA-PSS+SHA256', 'ECDSA+SHA256']);
+
+// Do not have shared sigalgs.
+test('RSA-PSS+SHA384', 'ECDSA+SHA256',
+ undefined, 'ECONNRESET', 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITMS');
+
+test('RSA-PSS+SHA384:ECDSA+SHA256', 'ECDSA+SHA384:RSA-PSS+SHA256',
+ undefined, 'ECONNRESET', 'ERR_SSL_NO_SHARED_SIGNATURE_ALGORITMS'); |